85 research outputs found
Resource-aware scheduling for 2D/3D multi-/many-core processor-memory systems
This dissertation addresses the complexities of 2D/3D multi-/many-core processor-memory systems, focusing on two key areas: enhancing timing predictability in real-time multi-core processors and optimizing performance within thermal constraints. The integration of an increasing number of transistors into compact chip designs, while boosting computational capacity, presents challenges in resource contention and thermal management. The first part of the thesis improves timing predictability. We enhance shared cache interference analysis for set-associative caches, advancing the calculation of Worst-Case Execution Time (WCET). This development enables accurate assessment of cache interference and the effectiveness of partitioned schedulers in real-world scenarios. We introduce TCPS, a novel task and cache-aware partitioned scheduler that optimizes cache partitioning based on task-specific WCET sensitivity, leading to improved schedulability and predictability. Our research explores various cache and scheduling configurations, providing insights into their performance trade-offs. The second part focuses on thermal management in 2D/3D many-core systems. Recognizing the limitations of Dynamic Voltage and Frequency Scaling (DVFS) in S-NUCA many-core processors, we propose synchronous thread migrations as a thermal management strategy. This approach culminates in the HotPotato scheduler, which balances performance and thermal safety. We also introduce 3D-TTP, a transient temperature-aware power budgeting strategy for 3D-stacked systems, reducing the need for Dynamic Thermal Management (DTM) activation. Finally, we present 3QUTM, a novel method for 3D-stacked systems that combines core DVFS and memory bank Low Power Modes with a learning algorithm, optimizing response times within thermal limits. This research contributes significantly to enhancing performance and thermal management in advanced processor-memory systems
Adaptive Microarchitectural Optimizations to Improve Performance and Security of Multi-Core Architectures
With the current technological barriers, microarchitectural optimizations are increasingly important to ensure performance scalability of computing systems. The shift to multi-core architectures increases the demands on the memory system, and amplifies the role of microarchitectural optimizations in performance improvement. In a multi-core system, microarchitectural resources are usually shared, such as the cache, to maximize utilization but sharing can also lead to contention and lower performance. This can be mitigated through partitioning of shared caches.However, microarchitectural optimizations which were assumed to be fundamentally secure for a long time, can be used in side-channel attacks to exploit secrets, as cryptographic keys. Timing-based side-channels exploit predictable timing variations due to the interaction with microarchitectural optimizations during program execution. Going forward, there is a strong need to be able to leverage microarchitectural optimizations for performance without compromising security. This thesis contributes with three adaptive microarchitectural resource management optimizations to improve security and/or\ua0performance\ua0of multi-core architectures\ua0and a systematization-of-knowledge of timing-based side-channel attacks.\ua0We observe that to achieve high-performance cache partitioning in a multi-core system\ua0three requirements need to be met: i) fine-granularity of partitions, ii) locality-aware placement and iii) frequent changes. These requirements lead to\ua0high overheads for current centralized partitioning solutions, especially as the number of cores in the\ua0system increases. To address this problem, we present an adaptive and scalable cache partitioning solution (DELTA) using a distributed and asynchronous allocation algorithm. The\ua0allocations occur through core-to-core challenges, where applications with larger performance benefit will gain cache capacity. The\ua0solution is implementable in hardware, due to low computational complexity, and can scale to large core counts.According to our analysis, better performance can be achieved by coordination of multiple optimizations for different resources, e.g., off-chip bandwidth and cache, but is challenging due to the increased number of possible allocations which need to be evaluated.\ua0Based on these observations, we present a solution (CBP) for coordinated management of the optimizations: cache partitioning, bandwidth partitioning and prefetching.\ua0Efficient allocations, considering the inter-resource interactions and trade-offs, are achieved using local resource managers to limit the solution space.The continuously growing number of\ua0side-channel attacks leveraging\ua0microarchitectural optimizations prompts us to review attacks and defenses to understand the vulnerabilities of different microarchitectural optimizations. We identify the four root causes of timing-based side-channel attacks: determinism, sharing, access violation\ua0and information flow.\ua0Our key insight is that eliminating any of the exploited root causes, in any of the attack steps, is enough to provide protection.\ua0Based on our framework, we present a systematization of the attacks and defenses on a wide range of microarchitectural optimizations, which highlights their key similarities.\ua0Shared caches are an attractive attack surface for side-channel attacks, while defenses need to be efficient since the cache is crucial for performance.\ua0To address this issue, we present an adaptive and scalable cache partitioning solution (SCALE) for protection against cache side-channel attacks. The solution leverages randomness,\ua0and provides quantifiable and information theoretic security guarantees using differential privacy. The solution closes the performance gap to a state-of-the-art non-secure allocation policy for a mix of secure and non-secure applications
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
TPPD: Targeted Pseudo Partitioning based Defence for cross-core covert channel attacks
Contemporary computing employs cache hierarchy to fill the speed gap between processors and main memories. In order to optimise system performance, Last Level Caches (LLC) are shared among all the cores. Cache sharing has made them an attractive surface for cross-core timing channel attacks. In these attacks, an attacker running on another core can exploit the access timing of the victim process to infiltrate the secret information. One such attack is called a cross-core Covert Channel Attack (CCA). Timely detection and then prevention of cross-core CCA is critical for maintaining the integrity and security of users, especially in a shared computing environment. In this work, we have proposed an efficient cross-core CCA mitigation technique. We propose a way-wise cache partitioning on targeted sets, only for the processes suspected to be attackers. In this way, the performance impact on the entire LLC is minimised, and benign applications can utilise the LLC to its full capacity. We have used a cycle-accurate simulator (gem5) to analyse the performance of the proposed method and its security effectiveness. It has been successful in abolishing the cross-core covert timing channel attack with no significant performance impact on benign applications. It causes 23% less cache misses in comparison to existing partitioning based solutions while requiring ≈0.26% storage overhead
Analysis and Mitigation of Shared Resource Contention on Heterogeneous Multicore: An Industrial Case Study
In this paper, we address the industrial challenge put forth by ARM in ECRTS
2022. We systematically analyze the effect of shared resource contention to an
augmented reality head-up display (AR-HUD) case-study application of the
industrial challenge on a heterogeneous multicore platform, NVIDIA Jetson Nano.
We configure the AR-HUD application such that it can process incoming image
frames in real-time at 20Hz on the platform. We use micro-architectural
denial-of-service (DoS) attacks as aggressor tasks of the challenge and show
that they can dramatically impact the latency and accuracy of the AR-HUD
application, which results in significant deviations of the estimated
trajectories from the ground truth, despite our best effort to mitigate their
influence by using cache partitioning and real-time scheduling of the AR-HUD
application. We show that dynamic LLC (or DRAM depending on the aggressor)
bandwidth throttling of the aggressor tasks is an effective mean to ensure
real-time performance of the AR-HUD application without resorting to
over-provisioning the system
DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the-art DRAM Chips
To understand and improve DRAM performance, reliability, security and energy
efficiency, prior works study characteristics of commodity DRAM chips.
Unfortunately, state-of-the-art open source infrastructures capable of
conducting such studies are obsolete, poorly supported, or difficult to use, or
their inflexibility limit the types of studies they can conduct.
We propose DRAM Bender, a new FPGA-based infrastructure that enables
experimental studies on state-of-the-art DRAM chips. DRAM Bender offers three
key features at the same time. First, DRAM Bender enables directly interfacing
with a DRAM chip through its low-level interface. This allows users to issue
DRAM commands in arbitrary order and with finer-grained time intervals compared
to other open source infrastructures. Second, DRAM Bender exposes easy-to-use
C++ and Python programming interfaces, allowing users to quickly and easily
develop different types of DRAM experiments. Third, DRAM Bender is easily
extensible. The modular design of DRAM Bender allows extending it to (i)
support existing and emerging DRAM interfaces, and (ii) run on new commercial
or custom FPGA boards with little effort.
To demonstrate that DRAM Bender is a versatile infrastructure, we conduct
three case studies, two of which lead to new observations about the DRAM
RowHammer vulnerability. In particular, we show that data patterns supported by
DRAM Bender uncovers a larger set of bit-flips on a victim row compared to the
data patterns commonly used by prior work. We demonstrate the extensibility of
DRAM Bender by implementing it on five different FPGAs with DDR4 and DDR3
support. DRAM Bender is freely and openly available at
https://github.com/CMU-SAFARI/DRAM-Bender.Comment: To appear in TCAD 202
Sacrifice or Salvation: How can Animal Lives be Spared and Human Health Improved by Toxics Reform?
This dissertation investigates the complexities of the entwined relations between animal cognition, the use of animals in toxicity testing, and the proliferation and impacts of harmful chemicals in our society. It asks how, in light of the most current research on animal sentience and the ethics of responsibility, a reorientation of chemical testing at a theoretical, ethical and practical level could spare animal suffering and improve human health outcomes. Its starting point is the unfolding scientific research on animal cognition, and the consequent implications for reconsidering the ethical relationships, historically established and currently assumed, between human and non-human animals. The central issue, which infuses this dissertation, is whether humans are obliged by this knowledge to expand our moral arena to encompass animals, to acknowledge their entitlement not to be used for toxicity experimentation, and the implications of such an entitlement for the future use of animals in toxicity testing.
The work is based on a social constructivist process centred on the multiple facets of toxicity testing – the philosophical viewpoints of those who have expressed concern for the well-being of animals, governments’ animal protection laws that fail to spare animals from painful experimentation, toxics laws that promote the use of animals in toxicity tests, the pain and suffering of the tests themselves, the championing of the mouse as the favoured animal for experimentation, and the limitations and failure of toxicity testing itself to safeguard public health and the environment from widespread contamination. In addition, this examination of toxicity testing looks at the potential differences between advocates of expanded testing of toxic chemicals and animal advocates concerned about the implications of expanded testing for the increased use of animals. Finally, building on qualitative methods for assessing the current state of knowledge regarding the use of animals in toxicity testing, this dissertation evaluates how this system could be redrawn to both spare animals and better gauge the toxicity of chemicals
Security and Privacy for the Modern World
The world is organized around technology that does not respect its users. As a precondition of participation in digital life, users cede control of their data to third-parties with murky motivations, and cannot ensure this control is not mishandled or abused. In this work, we create secure, privacy-respecting computing for the average user by giving them the tools to guarantee their data is shielded from prying eyes. We first uncover the side channels present when outsourcing scientific computation to the cloud, and address them by building a data-oblivious virtual environment capable of efficiently handling these workloads. Then, we explore stronger privacy protections for interpersonal communication through practical steganography, using it to hide sensitive messages in realistic cover distributions like English text. Finally, we discuss at-home cryptography, and leverage it to bind a user’s access to their online services and important files to a secure location, such as their smart home. This line of research represents a new model of digital life, one that is both full-featured and protected against the security and privacy threats of the modern world
Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention
The proliferation of binary-only program analysis techniques like fuzz testing and symbolic analysis have lead to an acceleration in the number of publicly disclosed vulnerabilities. Unfortunately, while bug finding has benefited from recent advances in automation and a decreasing barrier to entry, bug remediation has received less attention. Consequently, analysts are publicly disclosing bugs faster than developers and system administrators can mitigate them. Hardware-supported processor tracing within commodity processors opens new doors to observing low-level behaviors with efficiency, transparency, and integrity that can close this automation gap. Unfortunately, several trade-offs in its design raise serious technical challenges that have limited widespread adoption. Specifically, modern processor traces only capture control flow behavior, yield high volumes of data that can incur overhead to sift through, and generally introduce a semantic gap between low-level behavior and security relevant events.
To solve the above challenges, I propose control-oriented record and replay, which combines concrete traces with symbolic analysis to uncover vulnerabilities and exploits. To demonstrate the efficacy and versatility of my approach, I first present a system called ARCUS, which is capable of analyzing processor traces flagged by host-based monitors to detect, localize, and provide preliminary patches to developers for memory corruption vulnerabilities. ARCUS has detected 27 previously known vulnerabilities alongside 4 novel cases, leading to the issuance of several advisories and official developer patches. Next, I present MARSARA, a system that protects the integrity of execution unit partitioning in data provenance-based forensic analysis. MARSARA prevents several expertly crafted exploits from corrupting partitioned provenance graphs while incurring little overhead compared to prior work. Finally, I present Bunkerbuster, which extends the ideas from ARCUS and MARSARA into a system capable of proactively hunting for bugs across multiple end-hosts simultaneously, resulting in the discovery and patching of 4 more novel bugs.Ph.D
Suspicion, control and desire - a criminological analysis of secretive conduct and smart devices
The topic of this thesis is the connection between secrecy and the onlife reality, a blurring line between being online and offline. Specifically, it offers a novel criminological perspective on how the smart technological devices integrated in the onlife ecology (with its technologies, features, design, instant online access, and messaging) aid specific instances of 'secretive conduct', involving regular and mundane episodes of suspicion, control and desire towards our kin, partners, co-worker, and perfect strangers.
While most studies on smart technology (phones, pc, homes, watches, cars) concern privacy and security, as well as the elements of isolation and social disintegration - this thesis offers an innovative contribution in the field of criminology. The elements which protect our devices, such as touch ID and face recognition have created an un-accessible wall against other users, both online and offline; the character of such elements and their effects is a central concern of this thesis, revolving around suspicion, control and desire such a condition induces.
Using a cultural criminology perspective, this work will theorize the ecology of onlife reality, the secretive conduct that characterises its environment; interpreting how tools of monitoring and control appear to have taken over any 'space' - from public to private. It
appears that not only is anything observable - but it is done in a covert and discreet manner - the Goffmanian front & back stage result constantly under scrutiny. In this context, the users become increasingly effected by this covert scrutiny. The smartphone functions as a quintessential tool that allows such a blur - leading into the onlife question of crime and cybercrime.
Advancing an experimental 'hybrid' methodology that attempts to unite both digital and 'in-person' ethnographic considerations, the research makes use of informal and incidental 'confessions' of smart technology users, such as their personal or witnessed secretive conducts. The analysis concentrates on specific abusive episodes in which the use of onlife devices allow all sorts of secretive conducts, with direct or indirect elements of harm: these are treated as social 'vignettes', and include parents secretly monitoring their children, partners making assumptions on the other's whereabouts, perpetuating elements of stalking, blackmailing, monitoring, all in a remote and apparently 'secured' environment.
This work contributes to cultural criminology with analysis of the blasé approach to such elements of secretive conduct becoming integral in the onlife habitus of smartphone users. Secrecy is becoming a central element of onlife ecology, taking place unwillingly, and mostly unknowingly. To act in secret, to monitor in secret - wanting to see, control, and observe all become central elements of the onlife
- …